E-Commerce merchants face an onslaught of cyber attacks daily. To defend clients from significant financial losses, ECOMMPAY implements stringent security measures, safeguarding your revenues.

Data Security

Confidentiality and data protection

TLS 1.2

ECOMMPAY applies Transport Layer Security (TLS) version 1.2 to ensure a secure connection, enabling the safe transfer of data between a customer’s browser and the payment application.


To ensure optimum security, ECOMMPAY has developed a proprietary application using the AES-256 algorithm, which is applied to all credit card data entered into our system.


ECOMMPAY’s Token Terminal enables clients unable to store sensitive payment data to accept payments and issue payouts by encrypting electronic payment data.

When making purchases online, customers do not transfer their payment details to the merchant. Instead, this sensitive payment data is encrypted, becoming a random set of characters (tokens), which cannot be decrypted without matching parameters. Even if intercepted, customer data remains secure. Stored in the database of PCI DSS certified provider ECOMMPAY, encrypted bank card details are attached to the user account, so frequent customers need not re-enter their details to make repeat purchases.

Multifactor authentication system

We’ve introduced a multifactor authentication system in accordance with the new requirements of PCI DSS to remotely verify sensitive payment data.

Cardholder Data Protection (CHD)

ECOMMPAY stores CHD in accordance with PCI DSS: the 16-digit account number (PAN) displayed on the debit or credit card is encrypted, while the cardholder’s name and the bank card’s expiry date remain accessible.

Storing identifiable details, such as CVV2/CVC2 codes, is prohibited.

Protection against DDoS attacks

Distributed Denial of Service (DDoS) is a targeted attack on a website by a large number of false requests from different computers from all over the world. As a result, the server is overloaded, and users cannot access the site or the required service. At best, it will displease your customers and at worst the company will incur substantial losses.

Our anti-DDoS system automatically detects attacks on websites or web applications to ensure the continuous availability of your payment services. For attacks on web applications, we use the Web Application Firewall (WAF).

Protect your revenues
by preventing unauthorised activity